GoPro Consulting Ltd

Advanced Inspection Management (AIM) Cloud Software Service

AIM is a low-code, high configuration, advanced inspection case management solution. AIM is focused on delivering transformational efficiency improvements to the entire inspection process. It provides online engagement portal, advanced scoring of inspection cases, automatic AI based inspection scheduling and innovative data and rules driven case process automation.

Features

• Automated inspection complexity scoring
• Configurable automated non-compliance risk assessment
• AI inspection scheduling and optimisation
• Automated AI supported optimal route planning
• Inspection data collection via ‘smart forms’
• Document management and template-based outcome reporting
• Secure self-inspection and submission portal
• Secure stakeholder engagement portal
• Seamless Office and Email integration
• 100% Rest API enabled

Benefits

• Typically, 80%+ fit to business requirements, out-of-the-box
• Low risk on-boarding through highly configurable low code platform
• On average 40% more efficient inspection scheduling
• Improved outcomes through automated risk-based prioritisation
• Improved efficiency through rules and data driven automation
• Out of the box end-to-end digital transformation of service delivery
• Minimal user training required due to context aware UX

£31.78 to £97.00 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lesley@gopro.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

479445471468280

Contact

Lesley Franck
02038079644
lesley@gopro.net

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: There are no specific constraints that apply to the service.
• System requirements: A supported internet browser. Please see section on supported browsers.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide online ticketing support. The response time SLAs are provided in the standard T&C. In addition at an additional cost we provide outside normal working hours support.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our support levels and corresponding SLA are described in our standard T&Cs
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will work with you and help identify the on-boarding services that align with your digital transformation strategy and objectives. On-boarding services often include assistance in user story refinement, configuration support, data migration assistance, super user and end user training. ; ; Further documentation such as the online WIKI and in-system-guidance helps ensuring that the desired business out comes are realised quickly.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: At the end of the contract we can provide data in multiple ways. Data can be provided as a SQL database which contains all raw system data and all file attachment delivered on to a file drive or data in XML form with the file attachments included on to a file drive.
• End-of-contract process: The data extraction and delivery is a standard service, where we will work with you to determine which method is most appropriate. This service is provided on a time and material basis unless otherwise agreed at the time of contracting.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The user interface is responsive and supports use on tablet devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The solution is fully (100% of system functionality) available through web services API. This includes REST API and SOAP.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Testing is made to ensure WCAG 2.1 AA compliance. Further support for assistive tools including Dragon Naturally Speaking, JAWS and Magic.
• API: Yes
• What users can and can't do using the API: 100 % of system functionality is available via a service API (RESTFUL and SOAP).
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The solution is highly configurable and provides the customer flexibility to adapt the solution without coding. This means that the customer can configure a very wide range of solution elements. This includes forms and document templates, additional meta data, drop down lists, system views, processes (via graphical BPMN designer), rules and decision tables, AI optimisation constraints, etc.

Scaling

• Independence of resources: Each customer has their own tenant with dedicated resource that allows scaling as required.

Analytics

• Service usage metrics: Yes
• Metrics types: A wide range of metrics can be reported in accordance with selected Service Level Agreement. These include number of support tickets raised, resolution time, outage time, performance against SLA, storage usage, etc.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The user can search and filter on the data in the system to define the desired data set, which then can be extracted by the user via spreadsheets. ; ; Data can also be extracted as XML.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The detailed standard SLAs are provided in the standard T&C's for service.; ; The standard availability of the service is 99.95% within normal working hours, but enhanced service level agreements are available and can be tailored to individual customer requirements e.g with specific RTO, RPO and availability.
• Approach to resilience: Individual environments can be clustered and span across multiple data centres located in different geographical locations. The specific setup is tailored to the customer specific requirement for resilience. ; ; Details are available upon request.
• Outage reporting: Outage reporting is provided by means of email alerts, public dashboards, and API. The selected approach will depend on customer's preferences.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces is controlled via private or VPN connections and/or SSH connections and restricted by 'least privilege access' with strong username and password combinations.; Administration access and customer data access is segregated.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 13/04/2019
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • CyberEssentials
  • ISO 27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: CyberEssentials
• Information security policies and processes: We operate a formalised and certified ISO 27001 ISMS with a policy framework that fulfills all the prescribed controls. These are reviewed on an annual basis at least.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management processes are controlled through our ISO:27001 policies.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use external third parties to perform penetration testing on a regular basis. We also use internal industry standard scanners to perform penetration tests. We monitor all major security lists to ensure we are notified of any threats in a timely manner. Patches are applied in correspondence with the severity classification and fix times specified in the standard SLAs.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We employ internal and external monitoring and Intrusion detection systems to identify potential problems or compromises.; ; In the event of a potential compromise the CISO is notified as well as the potentially affected clients.; ; Incidents are logged through our ISO:27001 incident management process, analysed, and mitigated within hours.
• Incident management type: Supplier-defined controls
• Incident management approach: Our ISO:27001 ISMS provides pre-defined processes for managing incidents. Incidents are reported by the users through our ticketing system. Cause-of-action reports and root-cause-analysis reports are provided via email.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Fighting climate change:

  Fighting climate change

  As a socially responsible company, GoPro aims to reduce the environmental impact of our business operations and actively combat climate change. In relation to the provided service, the environmental initiatives include: ; • Use of carbon neutral hosting for our solutions; • Promote the further usage of technologies as a replacement for travel in relation to customer onboarding of the service e.g., video conferencing, online whiteboard tools; Other initiatives that positively impact the service indirectly; • Introduction of carbon offsetting for business activities. ; • Use of electric cars as a standard choice of company cars; • We monitor our activities to ensure our fuel consumption and materials are continually reduced.; • Reduction of waste initiatives and sorting of waste ; ; A consolidated Social Value Statement can be made available.
• Covid-19 recovery:

  Covid-19 recovery

  GoPro has been and is committed to support its staff and local communities in dealing with the impact of the Covid-19 pandemic and the recovery here from. Initiatives include creating job opportunities and offering apprenticeships and traineeships. Providing local gov’t access to the company’s to the service to enable effective support of applications for Covid Business Support. ; ; GoPro is supporting charitable organisations to further the recovery from Covid and strengthen the economic recovery.; ; A consolidated Social Value Statement can be made available.
• Tackling economic inequality:

  Tackling economic inequality

  Tackling economic inequality As a socially responsible company, GoPro is actively taking steps to fight economic inequality by implementing initiatives that ensure same-pay-for-same-work. ; In relation to providing this service, GoPro is vetting subcontractors and supply chain members used in delivery of the service to ensure that these are living up to our social value and social value responsibility agenda.; ; A consolidated Social Value Statement can be made available.
• Equal opportunity:

  Equal opportunity

  GoPro is committed to its policy of being an equal opportunities and inclusive employer. This includes reducing the disability employment gap, offering flexible working models, offering beyond regular requirements sick-leave arrangements, supporting gender equality, and supporting and enabling women in STEM. In fact GoPro’s chief technical staff responsible for all our G-Cloud Services is female, as well as 50% of GoPro’s board is female.; ; A consolidated Social Value Statement can be made available.
• Wellbeing:

  Wellbeing

  As an SME, GoPro is highly focussed and committed to implementing initiatives that strengthen employee wellbeing and mental health. These initiatives and their impact are measured and reported on as part of the company’s intellectual capital reporting scheme. ; ; A consolidated Social Value Statement can be made available.

Pricing

• Price: £31.78 to £97.00 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lesley@gopro.net. Tell them what format you need. It will help if you say what assistive technology you use.